Featured
- The KQL Playbook (Play #3): Mastering Strings, Timestamps, and Ugly JSON
- The KQL Playbook (Play #2): Mastering the Matching Game
- The Self-Updating Watchlist: Automating Sentinel with Logic Apps & Graph API
- Unlocking Sentinel's True Power: A Guide to the Graph API and Logic Apps
- Herding Cats with Sentinel: An In-Depth Guide to Workspace Manager
- The 7 Deadly Sins of a Microsoft Sentinel Deployment
- Beyond the Basics: Forging Your Own Custom Detections in Defender XDR
- Hunting Ransomware in Storage Accounts (When You Can't Afford Defender)
- The "Undo" Button for Sentinel Logs: An In-Depth Guide to Purging Data
- Sentinel's Built-in Consultant: An In-Depth Guide to SOC Optimization
- Microsoft Threat Intelligence: Giving Your Sentinel a Brain
- Sentinel's Endgame Gear: Sentinel Data Lake
- Sentinel on a Budget: How to Tame Your Log Costs
- MSSP SOC Analyst Interviews (Microsoft Stack): The questions you’ll actually get - and the answers I’d actually give
- Microsoft Sentinel Rule Tuning: Kick the Noise, Keep the Signal
- Microsoft Sentinel's Secret Weapon: Your First Watchlist
- Microsoft Sentinel: How to Nuke a Noisy Incident Queue
- The KQL Playbook (Play #1): A Beginner's Guide to Talking to Your Data
- How to Bulk Enable All Sentinel Analytic Rules (The Easy Way)
Analytic Rules
- Microsoft Sentinel: From Logs to Alerts - Creating Your First Analytic Rule
- How to Bulk Enable All Sentinel Analytic Rules (The Easy Way)
- Beyond the Basics: Forging Your Own Custom Detections in Defender XDR
- The KQL Playbook (Play #2): Mastering the Matching Game

Automation
- Microsoft Sentinel: Let the Robots Do the Work - Your First Automation Playbook
- How to Bulk Enable All Sentinel Analytic Rules (The Easy Way)
- Microsoft Sentinel: How to Nuke a Noisy Incident Queue
- Microsoft Sentinel Rule Tuning: Kick the Noise, Keep the Signal
- Herding Cats with Sentinel: An In-Depth Guide to Workspace Manager

Azure

Career Advice
- How to Nail Your First SOC Analyst Interview (Professor's Notes)
- MSSP SOC Analyst Interviews (Microsoft Stack): The questions you’ll actually get - and the answers I’d actually give

Cheatsheet

Cost Optimisation
- Sentinel on a Budget: How to Tame Your Log Costs
- Sentinel's Endgame Gear: Sentinel Data Lake
- Sentinel's Built-in Consultant: An In-Depth Guide to SOC Optimization
- The "Undo" Button for Sentinel Logs: An In-Depth Guide to Purging Data

Data Connectors

Getting Started
- How to create Microsoft Sentinel
- So You've Deployed Sentinel. Now What? A Guide to Data Connectors
- Microsoft Sentinel: From Logs to Alerts - Creating Your First Analytic Rule
- Microsoft Sentinel: An Incident Just Fired. Now What? (A Beginner's Guide to Investigation)
- The KQL Playbook (Play #2): Mastering the Matching Game

Incident Response
- Microsoft Sentinel: An Incident Just Fired. Now What? (A Beginner's Guide to Investigation)
- Microsoft Threat Intelligence: Giving Your Sentinel a Brain
- Hunting Ransomware in Storage Accounts (When You Can't Afford Defender)
- Beyond the Basics: Forging Your Own Custom Detections in Defender XDR

Interview Prep
- How to Nail Your First SOC Analyst Interview (Professor's Notes)
- MSSP SOC Analyst Interviews (Microsoft Stack): The questions you’ll actually get - and the answers I’d actually give

KQL
- Microsoft Sentinel: From Logs to Alerts - Creating Your First Analytic Rule
- Microsoft Sentinel: An Incident Just Fired. Now What? (A Beginner's Guide to Investigation)
- The KQL Playbook (Play #1): A Beginner's Guide to Talking to Your Data
- Microsoft Sentinel's Secret Weapon: Your First Watchlist
- Microsoft Sentinel Rule Tuning: Kick the Noise, Keep the Signal

KQL Playbook

Logic Apps
- Microsoft Sentinel: Let the Robots Do the Work - Your First Automation Playbook
- The "Undo" Button for Sentinel Logs: An In-Depth Guide to Purging Data
- The Self-Updating Watchlist: Automating Sentinel with Logic Apps & Graph API

Microsoft Sentinel
- How to create Microsoft Sentinel
- A Day in the Life of a SOC Analyst
- So You've Deployed Sentinel. Now What? A Guide to Data Connectors
- Microsoft Sentinel: From Logs to Alerts - Creating Your First Analytic Rule
- Microsoft Sentinel: An Incident Just Fired. Now What? (A Beginner's Guide to Investigation)

MSSP
- A Day in the Life of a SOC Analyst
- MSSP SOC Analyst Interviews (Microsoft Stack): The questions you’ll actually get - and the answers I’d actually give

Playbook

PowerShell
- How to Bulk Enable All Sentinel Analytic Rules (The Easy Way)
- Microsoft Sentinel: How to Nuke a Noisy Incident Queue

Rule Tuning

Security Operations
- A Day in the Life of a SOC Analyst
- Microsoft Sentinel: How to Nuke a Noisy Incident Queue
- MSSP SOC Analyst Interviews (Microsoft Stack): The questions you’ll actually get - and the answers I’d actually give
- The KQL Playbook (Play #2): Mastering the Matching Game

SOC
- How to Nail Your First SOC Analyst Interview (Professor's Notes)
- A Day in the Life of a SOC Analyst
- Microsoft Sentinel: How to Nuke a Noisy Incident Queue
- MSSP SOC Analyst Interviews (Microsoft Stack): The questions you’ll actually get - and the answers I’d actually give
- Microsoft Threat Intelligence: Giving Your Sentinel a Brain

Threat Hunting
- The KQL Playbook (Play #1): A Beginner's Guide to Talking to Your Data
- Sentinel's Endgame Gear: Sentinel Data Lake
- Microsoft Threat Intelligence: Giving Your Sentinel a Brain
- Hunting Ransomware in Storage Accounts (When You Can't Afford Defender)
- The KQL Playbook (Play #3): Mastering Strings, Timestamps, and Ugly JSON

Watchlist
- Microsoft Sentinel's Secret Weapon: Your First Watchlist
- The Self-Updating Watchlist: Automating Sentinel with Logic Apps & Graph API